News Now

CU System

TJX hacker to plead guilty to breaches

BOSTON (12/10/09)--The man responsible for the TJX Cos. data breach in 2007 and 2008 has agreed to plead guilty to two of the largest data breaches in history--the Heartland Payment Systems and Hannaford Bros. grocery chain breaches--as well as breaches at 7-Eleven stores. According to a filing on Dec. 2 with the U.S. District Court in New Jersey, where the Heartland charges were brought in August, Albert Gonzalez, 28, of Miami, Fla., has entered into a plea agreement (Reuters Dec. 9 and wired.com Dec. 8). The hacking compromised millions of cards and accounts, and caused headaches and losses for thousands of credit unions and other financial institutions, spawning class action lawsuits against the companies breached. The breaches also raised questions about the effectiveness of payment card industry security standards and who should pay for losses incurred when financial institutions had to reissue cards to millions of consumers. A federal judge Tuesday transferred the New Jersey case to Massachusetts, where Gonzalez is seeking to merge the case with two others in which he already has entered guilty pleas. In the New Jersey charges filed in August, Gonzalez and two unnamed Russian hackers were accused of stealing more than 130 million debit and credit cards from Heartland, a card-processing company, and the retailers. A former Secret Service informant, Gonzalez was charged with 10 other suspects in May 2008 in New York and August 2008 in Massachusetts with hacking TJX, OfficeMax, Dave& Buster's restaurants, and others. Gonzalez pleaded guilty to the charges and was to be sentenced Dec. 21 in Massachusetts on both cases. He faces 15 to 25 years in prison on the earlier charges.